Name the package manifest to something less general than SHA256SUMS ? #52

afbjorklund · 2023-03-19T08:44:24Z

afbjorklund
Mar 19, 2023

It would be nice if the filename didn't dictate the digest, for better future compatibility.

It would also be nice if it didn't have the same name as all other generated lists of files.

Maybe even JSON, like jsonlines format ?

But something more like multiformats.

afbjorklund · 2023-03-19T08:50:30Z

afbjorklund
Mar 19, 2023
Author

Back in the day, we even had package checksums to verify the payload and not just the wrapper archive.

That way you could still verify your installation, even after installation - or with new compression formats.
This checksum was of course signed, so that you could verify the signature that created the binaries...

I think it is still there in the RPM format, for instance ? Or in external formats, like the 0install XML.

https://docs.0install.net/specifications/manifest/

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Name the package manifest to something less general than SHA256SUMS ? #52

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

Name the package manifest to something less general than SHA256SUMS ? #52

afbjorklund Mar 19, 2023

Replies: 1 comment

afbjorklund Mar 19, 2023 Author

afbjorklund
Mar 19, 2023

afbjorklund
Mar 19, 2023
Author